Wireless interconnectivity and devices are dominant technologies being deployed and used in everyday life, whether for business use or personal use. In addition, cloud computing is changing information cultures and is part of an emerging business strategy for a new delivery model for Internet-based computation services, application software, data access, and storage. Security associated with untrusted environments becomes challenging. Traditional computer and network security schemes are inadequate to address vulnerabilities and attacks associated to these untrusted systems.
A web application is an application that is accessed over a network such as the Internet or an intranet by using web browsers, and is coded in a browser-supported language (such as JavaScript, combined with a browser-rendered markup language like HTML). The web application relies on a common web browser to render the application executable. The ability to update and maintain web applications without distributing and installing software on potentially thousands of client computers is a key reason for their popularity, as is the inherent support for cross-platform compatibility. Compared to early HTML and JavaScript to the latest HTML5, latest web applications are becoming platform and browsers independent. Browsers are also providing application execution environments. When compared to native execution environments, secured execution of a web application provides new challenges. Pressure is greater than before on mobile device manufacturers (whether smart phones or tablets) and network operators to maintain costs at the lowest possible level. Yet, execution of the same web application should provide the same functionality, no matter what device it is executed on. For lower end devices, resources are usually more limited, which creates additional pressure on the web applications.
For example, KJava on Symbian platform is a scaled down Java Virtual Machine (JVM) designed for mobile platforms. KJava contains a subset of the Java 2 Standard Edition (J2SE) packages and implements restricted Mobile Information Device Profile (MIDP) and restricted Connected Limited Device Configuration (CLDC) profiles. For instance, restrictions include 1) no support for Java Native Interface (JNI); 2) limited reflection capabilities (e.g., limited ability to examine or modify runtime behavior); 3) no custom class loaders (e.g., no ability to fine tune behavior of the class loader).
Exemplary limitations related to execution resources or environment restrictions have been mentioned and are of particular relevance in the context securing web application execution, which is generally addressed in the present application.